Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shibboleth Architecture

Published byMercy Woods Modified over 6 years ago

Similar presentations

Presentation on theme: "Shibboleth Architecture"— Presentation transcript:

1 Shibboleth Architecture
Technical Information Session for Developers Datta Mahabalagiri April

2 Identity Provider (IdP)
The “server” side of Shibboleth HS: SSO/Authentication AA: Attributes One instance per campus

3 Service Provider (SP) The “consumer” side of Shibboleth
Apache Module or IIS ISAPI filter plus daemon Handles all interactions with IdP ACS AR Attributes in HTTP header Provided by Internet2

4 Federation Federation WAYF

5

6 Application / Resource
Architecture WAYF 2 3 4 5 6 1 Identity Provider Service Provider 7 Credentials SSO (ISIS) HS ACS 8 Handle User DB Handle Application / Resource 9 Handle AA Attributes AR Attribute Repository Attributes 10 © SWITCH

7 Identity Provider at UCLA
4 OK, I redirect your request now to the Handle Service of UCLA. 3 2 Please tell me where are you from? 1 ACS I don’t know you. Not even which home org you are from. Redirect your request to the WAYF WAYF HS 5 6 I don’t know you. Please authenticate Using ISIS Identity Provider at UCLA Service Provider 7 User DB Credentials OK, I know you now. Redirect your request to the SP, together with a handle Attributes 10 Manager Resoure OK, based on the attributes, I grant access to the resource AR Handle 8 I don’t know the attributes of this user. Let’s ask the Attribute Authority Handle 9 AA Let’s pass over the attributes the user has allowed me to release Resource

8 Access Control Read Http header
request.getAttribute(“eduPersonPrincipalName”) request.getAttribute(“Affiliation”) If (affiliation == student) allow Read access Else If (affiliation == faculty) allow Edit access

9 Bilateral vs Federated
Establish trust & Exchange metadata with IdP directly Likely a simpler deployment model for UCLA-only applications User base limited to UCLA Can always move to a federated deployment mode

10 Bilateral vs Federated
Register with a 3rd party hosting a Federation Interoperability & trust Common standards, Comply with federation requirements Security and Audit requirements Coordinated helpdesk support Expanded User base When to choose Federated deployment?

Download ppt "Shibboleth Architecture"

Similar presentations

Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.

Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.
Federation management A mess? 9.4.2008 Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.

Federation management A mess? Nordunet Conference Mikael Linden CSC, the Finnish IT Center for Science.
Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.

Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.
Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.

Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.
Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.

Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Introduction to Identity Management Federation Kazu Yamaji, National Institute of Informatics, Japan.

Introduction to Identity Management Federation Kazu Yamaji, National Institute of Informatics, Japan.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Infrastructure for Multi-Professional Education and Training Using Shibboleth.

Infrastructure for Multi-Professional Education and Training Using Shibboleth.
Shibboleth Update a.k.a. “shibble-ware”

Shibboleth Update a.k.a. “shibble-ware”
Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March 3. 2008.

Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March
Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.

Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.
Federated A(A(A))I Jens Jensen hepsysman, RAL, 20110701.

Federated A(A(A))I Jens Jensen hepsysman, RAL,
Project Shibboleth Update, Demonstration and Discussion Michael R Gettes Duke University (on behalf of the entire shib team!!!) June.

Project Shibboleth Update, Demonstration and Discussion Michael R Gettes Duke University (on behalf of the entire shib team!!!) June.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
AAI with simpleSAMLphp

AAI with simpleSAMLphp
SWITCHaai Team Introduction to Shibboleth.

SWITCHaai Team Introduction to Shibboleth.

Similar presentations

Ads by Google